Single routine-level DENY EXECUTE causes all routine metadata in the database to become completely hidden

Session 1

13.1.0-dbg>CREATE DATABASE d1;

Query OK, 1 row affected (0.000 sec)

13.1.0-dbg>DELIMITER $$

13.1.0-dbg>CREATE DEFINER=root@localhost PROCEDURE d1.p1() BEGIN SELECT 1; END$$

Query OK, 0 rows affected (0.002 sec)

13.1.0-dbg>CREATE DEFINER=root@localhost PROCEDURE d1.p2() BEGIN SELECT 2; END$$

Query OK, 0 rows affected (0.003 sec)

13.1.0-dbg>DELIMITER ;

13.1.0-dbg>CREATE USER u@localhost;

Query OK, 0 rows affected (0.001 sec)

13.1.0-dbg>GRANT EXECUTE ON d1.* TO u@localhost;

Query OK, 0 rows affected (0.001 sec)

13.1.0-dbg>DENY EXECUTE ON PROCEDURE d1.p1 TO u@localhost;

Query OK, 0 rows affected (0.001 sec)

13.1.0-dbg>FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.001 sec)

13.1.0-dbg>

Session 2

MariaDB [d1]> CALL p2();

+---+

| 2 |

+---+

| 2 |

+---+

1 row in set (0.001 sec)

Query OK, 0 rows affected (0.001 sec)

MariaDB [d1]>

MariaDB [d1]> SELECT COUNT(*) AS visible_routines

    ->   FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA='d1';

+------------------+

| visible_routines |

+------------------+

|                0 |

+------------------+

1 row in set (0.005 sec)

MariaDB [d1]>

CREATE DATABASE d1;

DELIMITER $$;

CREATE DEFINER=root@localhost PROCEDURE d1.p1() BEGIN SELECT 1; END$$

CREATE DEFINER=root@localhost PROCEDURE d1.p2() BEGIN SELECT 2; END$$

DELIMITER ;$$

CREATE USER u@localhost;

GRANT EXECUTE ON d1.* TO u@localhost;

DENY EXECUTE ON PROCEDURE d1.p1 TO u@localhost;

FLUSH PRIVILEGES;

connect (x, localhost, u,, d1);

# user CAN execute the non-denied routine p2:

CALL p2();

# information_schema.ROUTINES shows 0 routines (expected >=1 for p2):

SELECT COUNT(*) AS visible_routines FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA='d1';

# SHOW PROCEDURE STATUS shows 0 rows:

SHOW PROCEDURE STATUS WHERE Db='d1';

connection default;

disconnect x;

DROP USER u@localhost;

DROP DATABASE d1;